Blacklisted by Spamhaus SBLCSS


This might be off-topic but I would appreciate some help because I am at a loss.

I've got a server with Linode and it comes with two IP addresses, one IPv4 and one IPv6. The server is running CentOS 7, with Apache virtualhosts that host static html pages and postfix/dovecot for my personal email. So far so good.

Now here comes the crazy thing. Spamhaus will list my IPv6 address in their SBLCSS blacklist, continuously (I delist and a few hours later it's listed again).

The server is not compromised, it's a vanilla CentOS 7 with SELinux enabled and running Apache for static html pages, the server CPU usage is 0% and network is also at 0%. I even shut down the server and my IPv6 address STILL got listed by Spamhaus even though the server was turned off. I can only conclude that my server is not compromised, maybe Spamhaus is running some kind of net-block-wide auto-block system that also covers my own IPv6 address.

My IPv4 has never been listed, in case you are wondering, and neither of my two addresses got listed on any other blacklist that I know of. I tried to contact Spamhaus but they don't have any contact information on their website.


According to Spamhaus's FAQs about SBL CSS (https://www.spamhaus.org/faq/section/Spamhaus%20CSS), for IPv6 addresses their listings are not of single addresses but of ranges of addresses that are small enough that they should only cover a single customer:

Quote

CSS lists "/64" CIDR blocks in IPv6. Without such aggregation, IPv6 zone size could become unworkably large. Also, various gaming strategies used by spammers are much more difficult with aggregated blocks rather than single "/128" IPs. "/64" is the industry standard for the smallest IPv6 allocation to individual customers, even in home-use situations like cable, DSL or wireless. Thus, for ISPs which follow standard industry practices, CSS IPv6 listings will only affect a single customer.

If your provider have only allocated a single IPv6 address rather than a full /64 for your server, and have multiple customers in the same /64 address range, then they are ignoring standard practice for IPv6 addressing in a way that could mean that you're being affected by bad behaviour by other customers of theirs.